Slashdot: News for Nerds

Prosecuting DDoS Attacks?

timothy posted more than 4 years ago | from the secret-prisons-too-good-for-'em dept.

Botnet 164

dptalia writes "We all have heard of major DDoS attacks taking down countries, companies, and organizations. But how many of them are ever prosecuted? And how many prosecutions are even successful? I've done some research and it appears the answer is very few (Well duh!). And those that are successfully prosecuted tend to have teenagers as the instigators. Does this mean DDoS is a fairly safe crime to conduct? Are the repercussions nonexistent? Does anyone have some knowledge and insight into this that I don't have? How would you go about prosecuting a DDoS attacker? What's your experience with getting the responsible parties to justice?"

164 comments

Well done. (0, Troll)

Anonymous Coward | more than 4 years ago | (#32477948)

No link to the article. Smart move.

Re:Well done. (3, Informative)

Razalhague (1497249) | more than 4 years ago | (#32478028)

Well yeah. That's how Ask Slashdot usually works.

Re:Well done. (-1, Redundant)

Anonymous Coward | more than 4 years ago | (#32478592)

Whoosh.

nope sorry im busy atm (2, Funny)

chronoss2010 (1825454) | more than 4 years ago | (#32479768)

i have a button to push on facebook then a 1030 DDoS attack via proxies to launch

Re:Well done. (4, Funny)

Spewns (1599743) | more than 4 years ago | (#32478310)

No link to the article. Smart move.

Here's a link to the article: http://ask.slashdot.org/story/10/06/06/2051226/Prosecuting-DDoS-Attacks [slashdot.org]

Proof the article is optional (1, Offtopic)

syousef (465911) | more than 4 years ago | (#32479584)

Dozens of comments despite the lack of article. I vote slashdot does away with links to the articles and just posts speculation from now on.

Re:Well done. (2, Funny)

SEWilco (27983) | more than 4 years ago | (#32480054)

No link to the article. Smart move.

Wouldn't want to trigger a DDoS attack on some innocent web server.

The first step (1, Funny)

Anonymous Coward | more than 4 years ago | (#32477952)

is that they have to get the MIT administration to cooperate.

Don't do if you don't want a other Terry Childs on (1)

Joe The Dragon (967727) | more than 4 years ago | (#32477954)

Don't do it if you don't want another Terry Childs on your hands.

Re:Don't do if you don't want a other Terry Childs (2, Funny)

Ethanol-fueled (1125189) | more than 4 years ago | (#32478022)

ping -f www.slashdot.org

You will wire one million dollars into my Swiss bank account if you want to keep your precious site alive.

HahahahahahHAHAHAHAHAHAAAAAAA!

Re:Don't do if you don't want a other Terry Childs (2, Funny)

Pharmboy (216950) | more than 4 years ago | (#32478308)

That's ridiculous. First, every nerd knows they don't have a host named www here, it always redirects. Besides, this script is more effective:

#!/bin/bash
while true
do wget -m -p slashdot.org &
done

Second, the easier way is just to submit a popular story that has a link back to slashdot, thus everyone reading will click on the link, and wallah! They /. themselves and self destruct.

Re:Don't do if you don't want a other Terry Childs (4, Funny)

EdZ (755139) | more than 4 years ago | (#32478686)

thus everyone reading will click on the link

HAH! A common error!

Re:Don't do if you don't want a other Terry Childs (3, Funny)

Hotawa Hawk-eye (976755) | more than 4 years ago | (#32479540)

Not if you labeled it "Natalie Portman and Olivia Munn rubbing suntan lotion on each other at the beach" [slashdot.org] or something similar.

Re:Don't do if you don't want a other Terry Childs (3, Funny)

The Yuckinator (898499) | more than 4 years ago | (#32480536)

I clicked on it just in case.

Re:Don't do if you don't want a other Terry Childs (2, Funny)

Maxo-Texas (864189) | more than 4 years ago | (#32480674)

That was hot!

Natalie Portman /. Olivia Munn slash fiction!

Re:Don't do if you don't want a other Terry Childs (2, Informative)

Kreigaffe (765218) | more than 4 years ago | (#32479058)

you mean voila, not wallah

Re:Don't do if you don't want a other Terry Childs (0)

Anonymous Coward | more than 4 years ago | (#32479716)

I'm not the brightest knife in the drawer, and even I know it's voila.

Re:Don't do if you don't want a other Terry Childs (0)

Anonymous Coward | more than 4 years ago | (#32480708)

Well actually, it is voilà, which means see there.

Re:Don't do if you don't want a other Terry Childs (2, Funny)

Herkum01 (592704) | more than 4 years ago | (#32478430)

(In a french accent) I fart in your general direction, now go away or I will ping you a second time!

Re:Don't do if you don't want a other Terry Childs (2, Interesting)

tsm_sf (545316) | more than 4 years ago | (#32478056)

One of those "the authorities won't become interested until you take matters into your own hands" situations. And the reason is that, as a law-abiding (ok, more or less) citizen, you're much easier to prosecute.

What's needed is for one of these new "cyber" security agencies (and I hope this isn't offensive, but they really need to be led by combat veterans with modern prostheses) to be tasked with hunting botnets and taking them over. Displaying a "this computer secured by the U.S. Gub'mint" message is probably the only guaranteed method of getting a user to wipe their machine.

Re:Don't do if you don't want a other Terry Childs (1)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#32478184)

I, for one, can't imagine any ways in which mission-creep could cause such an organization to bite us in the ass...

Re:Don't do if you don't want a other Terry Childs (4, Funny)

tsm_sf (545316) | more than 4 years ago | (#32478950)

It wouldn't be a matter of if this blew up in our faces, but when. It's still the only workable method.

Fortunately, since this would be run by the US, oversight would be provided by diligent public servants backed by an informed electorate.

Stop DoS? Remove the filibuster. (0)

Anonymous Coward | more than 4 years ago | (#32479778)

Filibuster is a DoS attack.

Re:Don't do if you don't want a other Terry Childs (0)

Anonymous Coward | more than 4 years ago | (#32478492)

Public Security Section 9, anyone?

Slashdotted (5, Funny)

Anonymous Coward | more than 4 years ago | (#32478000)

We get away with it daily here.

Re:Slashdotted (-1)

Anonymous Coward | more than 4 years ago | (#32478124)

Any properly configured web-server can easily handle the slashdot effect. It is only when it is targeted specifically to make the website perform resource-intensive tasks that things break and IP-level strategies are required. PS: English is not my first or second language.

Not true - you still need sufficient horsepower (5, Informative)

davidwr (791652) | more than 4 years ago | (#32478290)

"Any properly configured web-server can easily handle the slashdot effect."

Obviously your definition of "properly configured" excludes servers designed to handle less than n different machines connecting to it per second, where

n = the number generated by a typical linking from Slashdot.

The guy stuck in the last decade running a web server on an old Pentium machine serving up a streaming video of his latest stupid pet trick comes to mind. Sure, he may be able to serve up a few hundred, maybe thousands, of unique visitors per second, but at some point he's going to fall over and die when the load gets too high, and there's nothing he can do about it short of getting new hardware.

Yes, your point is taken, web sites can be designed so a click on a link here is handled with a minimum of resource utilization while still serving up useful content. But my point is if you are getting burst traffic of BIGGISHNUM unique visitors per second because of the /. effect, your web server and Internet connection better be up to handling those visitors in a graceful manner, preferably one more useful than "server busy, try again later."

8 million uniques a month on a PIII 450 mhz (1)

chronoss2010 (1825454) | more than 4 years ago | (#32479812)

yup totally configured on a 2megabyte/sec line RUNNING 90% full speed round the clock , in the year 1998 256 mega ram running freebsd. Sounds like someone is getting hosed .....

Several recent examples (5, Informative)

AnonymousX (1632759) | more than 4 years ago | (#32478014)

2 chanologists got a year in the slam each thanks to their DDOS of Scientology.

Maybe... (1)

noncaptusest (1644871) | more than 4 years ago | (#32478030)

...DDoS goes unpunished because it usually originates through bot-nets and zombie computers. More so when trace-back leads to "masterminds" located in countries outside the country of targeted host.

If you get DDoS'ed by a teenager, maybe you deserve it. BTW, who the hell are you and your "research"?

You could always try (1, Funny)

jd (1658) | more than 4 years ago | (#32478080)

...using William Gibson's "black ice" from Neuromancer.

Re:You could always try (0)

Anonymous Coward | more than 4 years ago | (#32479130)

Don't-make-me-think-about-it-It-was-that-painful-even-with-a-bullet-gushing-black&shiny-H&K!

Illegal; but.... (5, Insightful)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#32478098)

The basic problem with DDoSes is that anyone who isn't a moron (i.e. the teenage punks who get caught) is generally working from behind multiple layers of indirection and usually across a number of jurisdictions. What they are doing is probably illegal in all of them; but the degree to which the authorities care, or are on the ball enough to do anything about it, can be pretty limited.

It doesn't help that a lot of the DDoS victims are either clueless and irrelevant (Yup, the feds don't really care about dialup users getting ping-flooded on IRC), widely considered to be a little shady themselves (*Call to the FBI* "Hi guys, I run this offshore gambling site in Antigua, and I've been having some problems with DDoS attacks that are really cutting in to my ability to serve American customers during peak sporting-event times...." *click*), or are parties in some sort of nationalist pissing match, of the sort where many "patriotic excesses" have a tendency to be overlooked (Yeah, I'm sure the Russian authorities are working night and day to bring to justice anybody involved in attacks against Estonia...)

As a matter of law, DDoSing is hard to do legally, even in fairly shady areas (if nothing else, your botnet likely implies a fair number of computer-intrusion crimes in jurisdictions where that is an offense, and it is unlikely at best that you are properly reporting and paying taxes on the "protection" money that you are collecting). However, with the complexity of cross-jurisdiction investigation and prosecution, and without the massive public antipathy that something like kiddie porn has, the odds of actually getting brought to justice are fairly low, unless you are basically just a petty vandal, hitting some high-profile target in the same country as you.

Re:Illegal; but.... (3, Interesting)

LostCluster (625375) | more than 4 years ago | (#32478172)

A DDoS requires many hosts in different places... and that role is usually played by a botnet of unwitting users. If users cared more about their bandwidth consumption, or were responsible for the damage they caused by their insensitivity to the Internet community, then botnets would be a whole lot harder to assemble. I'm sick of the 3am calls from the girl who only calls when her computer won't work for her....

Re:Illegal; but.... (0)

Anonymous Coward | more than 4 years ago | (#32478220)

At 3am you might have to go to her house, and then be so tired you decide to crash there....

Re:Illegal; but.... (3, Funny)

LostCluster (625375) | more than 4 years ago | (#32478230)

It woulda been nice, but it was Midnight her time when she called.

Re:Illegal; but.... (5, Insightful)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#32478334)

Perhaps I am underestimating the public's perverse acceptance of broad criminalization of all kinds of stuff; but I find it hard to believe that any scheme where Joe Public could find himself paying serious fines or doing serious time just for plugging in a commercially available computer and running normal software would possibly be adopted.

I'd be delighted if there were something that caused people to wipe their flyblown zombie-boxes more often than they do now; but essentially criminalizing getting compromised seems cruel and ineffective when it is so easy to do and sometimes so hard to detect. You don't have to be "negligent", in any useful sense of the term, to get hit.

Re:Illegal; but.... (2, Insightful)

LostCluster (625375) | more than 4 years ago | (#32478390)

Not applying security fixes, or not having a minimal level of antivirus/firewall software is a sure way to join a botnet lately. We need those $15/yr. subscribers to pay the white hat hackers who develop antivirus tech, this isn't like letting a magazine subscription lapse.

Re:Illegal; but.... (5, Insightful)

berzerke (319205) | more than 4 years ago | (#32478556)

...not having a minimal level of antivirus/firewall software is a sure way to join a botnet lately...

Even having one isn't nearly as much protection as most of us would like to believe. A 2007 research study by Panda Labs [pandasecurity.com] found that about 23% of infected machines had active and up-to-date AV software.

My own tests of AV software were less than encouraging and made the 23% quite believable. The better software either had more than a few false positives (Avira), or can be a PITA for non-techie users, and even techie users, (Comodo).

Re:Illegal; but.... (1, Informative)

Anonymous Coward | more than 4 years ago | (#32478990)

Heck, just look at this little gem [adobe.com] (from Adobe, naturally).

"Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris
Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX" All vulnerable to an exploit that even Adobe refers to as "critical". Mitigation involves either manually updating flash to 10.1 RC (since 10.1 is still Release Candidate, automatic updates won't even mention it) or manually deleting a .dll somewhere, and enduring "a non-exploitable crash or error message when opening a PDF file that contains SWF content". Oh, great. That'll be fun.

So, yeah, 48 hours and counting from when Adobe clued in, and the overwhelming majority of Flash/Acrobat users, even the ones who update every time they are prompted, are one malicious PDF or Flash ad away from getting cracked.

please, not that (0, Redundant)

Anonymous Coward | more than 4 years ago | (#32479650)

I've had to deal with clients insisting I install and run buggy, insecure antivirus software on their linux servers. Putting forward antivirus as the solution is going to lead to more of that stupidity.

Re:Illegal; but.... (3, Insightful)

Opportunist (166417) | more than 4 years ago | (#32479576)

The public's acceptance of that crime is simply the same that applies to everything else:

Does it affect me?
No.
Can I get in trouble for it?
No.
Then why the heck should I care?

That's basically what it comes down to. People do not care about crime that (apparently, or at least directly) does not affect them. Even if they're being made accomplices. Why? Because it takes an effort to avoid it and there's no gain in it. Simple as that.

And no, you can't really make people directly liable for the damage they do that way. As much as I'd like it, but even I could, unwittingly, become part of a botnet. A fair lot of malware passes through my machines here on a daily basis. That one of them manages to escape the sandboxes sooner or later is a given. So, for simple self preservation, I wouldn't really want to see such a law become reality. Besides, it is near impossible for the average user to 100% avoid becoming subject to an infection. Yes, that includes you, dear reader. Not being a moron does help a lot to minimize the infection probability, but it does not remove it entirely. And with knowledge comes the (false) sense of security that you're too good to be infected. You're not. Well, you might be if you don't use Windows. But don't count on it. How often did you reinstall your Windows in the last 2 years? The average clueless idiot does so about every 6 months. And at least then his machine will be clean again. I have to admit, some of the machines here have been running Windows for over 5 years now. Are they still clean? I sure hope so. Am I sure? Not really.

But, and here is the point where I'd put the liability angle, I do what I can to keep them clean. I update their software. I keep them patched and sealed. I use a router to avoid external direct access. They are hidden behind a layer of firewalls. And of course they run on-access AV scanners, and are regularly swept with a different on-demand scanner. And aside of the firewall layers this is something that can easily be asked from Joe Randomuser: Get a router, get an AV scanner and get a software firewall. Where's the problem with that? You don't need to have a huge knowledge of computers to install those tools and turn on auto updates on the software you're using.

I wouldn't call it asking too much from any user to do that. If you got that and still get infected, pity. But you're off the hook. You did everything that could possibly be asked from you as a normal user. But if you install every kind of crap that's sent to you in a spam mail and poke around the net without any protection at all then yes, you're acting negligent. And then you should be liable for the damage you do.

Re:Illegal; but.... (1)

LBt1st (709520) | more than 4 years ago | (#32479748)

Joe-User doesn't even know what a router is. To him it's a blinking box put in by them TV people. And a firewall? Might as well be talking about the latest monster truck event.
Fact is, most people are clueless and until they all replace their computers with smartphones and wired toasters we just have to accept that they're going to mess things up for the rest of us.

Re:Illegal; but.... (0)

Anonymous Coward | more than 4 years ago | (#32478554)

I'm sick of the 3am calls from the girl who only calls when her computer won't work for her....

Just say no. Seriously. Tell her, no, I'm sleeping, who the fuck do you think you are? Tell her, I'm sorry, I don't work for free.

And, oddly, this may even cause people to respect you more. People don't like people that automatically do everything asked of them. This is how a slave functions. By occasionally placing your own interests ahead of the interests of others, people will acknowledge that you value your time and be more reluctant to bother you over trivial concerns. And when you do choose to help them, they will appreciate it all the more.

And, hell... maybe the girl will begin to think you are an actual man, worthy of protecting her newborn spawn. At that point, take my advice, and run... particularly if you recently engaged in copulation with aforementioned hysterical female.

Re:Illegal; but.... (2, Interesting)

Nemyst (1383049) | more than 4 years ago | (#32478384)

Even teenagers rarely get caught. I know someone whose server has been flooded multiple times over by one of those punks you speak of. He knows the name, address, school, he called the police, FBI, police in the server's country... And nothing. The police don't give a damn about it, despite the entire thing costing him money every month (it's a large dedicated server that's getting taken down). The FBI didn't hear "child porn" or "terrorism" so they also don't give a damn. Basically, he's entirely stuck alone if he can't reach the guy's parents or if they don't do anything.

It's incredible that such a thing is running rampant, though, seeing how it can cost people money and business. I can understand the trouble when facing a "professional" hacker who's so well hidden it'd take weeks to track him back, but when all the data is already tracked down, complete with evidence? The police probably prefer eating donuts all day long for all I can tell (sorry to all police officers who dislike donuts or who would actually do something in such a situation).

Re:Illegal; but.... (1)

Bert64 (520050) | more than 4 years ago | (#32478480)

How conclusive is the evidence?
If it's all digital log files, how do you prove they haven't been manually created? If they pick the guy up and he denies it, then what? Even if they do successfully bust him, he's a minor and likely the first time he's been caught so not much is going to happen anyway... And if you take matters into your own hands, it's likely you that will get busted for harassing a minor.
But most of all the feds don't care because you aren't paying them enough to care... If you were a big company with lots of money to throw around that kid would get hauled over the coals (google for mafiaboy).

Re:Illegal; but.... (1)

icebraining (1313345) | more than 4 years ago | (#32478932)

If it's all digital log files, how do you prove they haven't been manually created? If they pick the guy up and he denies it, then what?

The police can request his ISP logs to confirm, it's not that hard. They simply have more important things to do.

Re:Illegal; but.... (1)

icebraining (1313345) | more than 4 years ago | (#32478946)

It's just one person? Flood protection at a firewall level works fine when the attacker(s) floods from the same IP continually.
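An added example, not part of the comment above: a per-source sliding-window threshold of the kind firewall-level flood protection relies on, run over constructed request records. It flags the single-source flood and shows that the same threshold stays silent when a comparable load is spread over many sources, the distributed case other comments in this thread describe. The thresholds, addresses (documentation ranges) and function names are assumptions chosen for illustration.

```python
from collections import defaultdict, deque


def flag_flooding_sources(events, max_requests=20, window_ms=1000):
    """Return the set of source IPs that exceed max_requests in any window.

    events: iterable of (timestamp_ms, source_ip), sorted by timestamp.
    """
    recent = defaultdict(deque)  # source_ip -> timestamps still inside the window
    flagged = set()
    for ts, src in events:
        q = recent[src]
        q.append(ts)
        # Drop timestamps that have aged out of the sliding window.
        while ts - q[0] >= window_ms:
            q.popleft()
        if len(q) > max_requests:
            flagged.add(src)
    return flagged


def peak_total_rate(events, window_ms=1000):
    """Highest number of requests seen from all sources in any one window."""
    q = deque()
    peak = 0
    for ts, _src in events:
        q.append(ts)
        while ts - q[0] >= window_ms:
            q.popleft()
        peak = max(peak, len(q))
    return peak


# Constructed sample 1: one source sends a request every 10 ms for two
# seconds, alongside an ordinary visitor making four requests.
SINGLE_SOURCE = sorted(
    [(i * 10, "203.0.113.7") for i in range(200)]
    + [(i * 500, "192.0.2.10") for i in range(4)]
)

# Constructed sample 2: 200 sources each send one request per second for
# two seconds. Every source looks harmless; the aggregate does not.
DISTRIBUTED = sorted(
    (sec * 1000 + n, f"198.51.100.{n}")
    for sec in range(2)
    for n in range(1, 201)
)

if __name__ == "__main__":
    print("single source flagged:", flag_flooding_sources(SINGLE_SOURCE))
    print("distributed flagged:  ", flag_flooding_sources(DISTRIBUTED))
    print("distributed peak req/s:", peak_total_rate(DISTRIBUTED))
```

Watching the aggregate rate next to the per-source counters is what tells an operator that per-IP blocking has stopped being sufficient.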

Re:Illegal; but.... (1)

Kreigaffe (765218) | more than 4 years ago | (#32479096)

If he's got all that info, just file a civil suit for damages. Sure, it might not be easy to actually recover the money, but it might get the ball rolling at least.

Re:Illegal; but.... (1)

hedwards (940851) | more than 4 years ago | (#32479782)

Isn't that what stuttering is for? Sure it doesn't really solve the problem, but it does make it quite a bit more expensive for attackers to do such things.

Re:Illegal but the FBI does not care. (1)

OFnow (1098151) | more than 4 years ago | (#32478810)

What makes you think the FBI has the slightest interest in DDoS period?
They don't. Forget it.

Re:Illegal; but.... (1)

masterwit (1800118) | more than 4 years ago | (#32479188)

the odds of actually getting brought to justice are fairly low, unless you are basically just a petty vandal, hitting some high-profile target in the same country as you.

So when can I start?

i got dossed ONCE (2, Interesting)

chronoss2010 (1825454) | more than 4 years ago | (#32479856)

and when server went down it cost me 150$ i contacted the isp ISP said to email UUNET UUNET told me to CONTACT the iSP after 3 more times at his shit i sent an email to all involved and said "OK if you're not willing or able to stop this i will and do not give me any legal repercussion on how i permanently end the problem" I then made a piece of software that targeted the PERSON in Argentina doing it and 75% of the isps in that country. then handed this software to 150 other hackers i knew around the world a week later i asked all to stop i got email from the arse doing this whom apologized that was the last dos i ever had to deal with and its why you never fuck with a hacker site P.S. i never caved and ever started doing what many did post 9/11 and called themselves "security sites either" most of those were shit heads anyhow. BTW before i did it i informed all the top pirates and said your email host thinks its a joke to attack my site , they weren't happy but i said he needs to learn something. its one reason its kinda good to get in with hackers at least even if you're not to serious , just be nice to them and they'll be nice to you. i used to have some good chats with some pretty high up webmasters of yahoo and other major sites. AND no i've never used this power to extort or force any actions to anyone. Might be one reason ive been running this org for 16 years with no IT arrests in the membership

Re:i got dossed ONCE (1)

pnewhook (788591) | more than 4 years ago | (#32480190)

Geez. Ever hear of punctuation?

I once penetrated a botnet (1)

mcrbids (148650) | more than 4 years ago | (#32480608)

Years ago, a webserver that I was admin for was hacked. It was a multi-homed machine with perhaps 300 websites on it, and permissions were all over the map. I did numerous permissions scans and found a nasty dog's breakfast of 777 directories, this works, but I never got approval to do the work to clean it up because of potential customer upset.

So in this case, somebody used a flaw in a vulnerable formmail.cgi (remember that one?) uploaded a perl script in a hidden "dot" directory in a 777 images folder that, when run, masqueraded as a legit process. I never quite figured out how they made the script look like a legit log process, but I did kill the perl script, because it was taking part in a DDOS attack of some servers that were apparently located in the South San Francisco area.

After a bit of reading of the script, I found that it was the classic IRC bot network, and I simply gave myself an appropriate user name and logged in. At the time, the DDOS was going on. There were maybe 200 other machines in the botnet. Orders would come out, like "pf: 192.168.0.1" where the IP address was the target machine.

I watched for a while, then reported everything, including IP address, screen shots, etc. to the FBI. Nothing happened, not even an email back. Part of me died that day.
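An added example, not part of the comment above and not the commenter's own tooling: a permissions scan of the kind the comment describes, reporting world-writable directories under a web root and script files sitting inside hidden "dot" directories. The suffix list, the shebang check, the function names and the constructed sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Assumed list of suffixes treated as server-side scripts.
SCRIPT_SUFFIXES = (".pl", ".cgi", ".php", ".py", ".sh")


def looks_like_script(path):
    """True if the file has a script suffix or starts with a '#!' line."""
    if path.lower().endswith(SCRIPT_SUFFIXES):
        return True
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"#!"
    except OSError:
        return False  # unreadable files are left for a manual look


def audit_webroot(root):
    """Walk root; return paths relative to root for the two findings."""
    world_writable, hidden_scripts = [], []
    for dirpath, _dirnames, filenames in os.walk(root):  # symlinks not followed
        rel = os.path.relpath(dirpath, root)
        if os.lstat(dirpath).st_mode & stat.S_IWOTH:
            world_writable.append(rel)
        # A directory is "hidden" if any component below root starts with a dot.
        in_hidden = any(p.startswith(".") for p in rel.split(os.sep) if p != ".")
        if not in_hidden:
            continue
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full) and looks_like_script(full):
                hidden_scripts.append(os.path.join(rel, name))
    return {
        "world_writable_dirs": sorted(world_writable),
        "scripts_in_hidden_dirs": sorted(hidden_scripts),
    }


def build_constructed_webroot():
    """Create a small constructed tree that mirrors the situation described."""
    root = tempfile.mkdtemp(prefix="webroot-demo-")
    layout = (
        ("site-a", 0o755),
        (os.path.join("site-a", "images"), 0o777),            # the 777 folder
        (os.path.join("site-a", "images", ".cache"), 0o755),  # hidden dot dir
        ("site-b", 0o755),
        (os.path.join("site-b", "images"), 0o755),
    )
    for rel, mode in layout:
        path = os.path.join(root, rel)
        os.mkdir(path)
        os.chmod(path, mode)  # explicit chmod so the umask does not interfere
    files = {
        os.path.join("site-a", "images", "logo.png"): b"\x89PNG placeholder",
        # Harmless placeholder with a script header and a log-like name.
        os.path.join("site-a", "images", ".cache", "rotatelog"):
            b"#!/usr/bin/perl\n# constructed placeholder\n",
        os.path.join("site-b", "images", "photo.jpg"): b"JPEG placeholder",
    }
    for rel, data in files.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    demo_root = build_constructed_webroot()
    for finding, paths in audit_webroot(demo_root).items():
        print(finding, paths)
```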

Dear China... (5, Informative)

Anonymous Coward | more than 4 years ago | (#32478104)

My company, and our hosting clients, are victims of DDoS attack at a surprisingly high frequency. Although this has cost us thousands, and if you believe our angry customers it's cost them millions, we've never even attempted to prosecute a DDoS perpetrator for the following reasons:

1) The fact that a DDoS is distributed means we'll be left with a list, in the best case scenario, of hundreds or thousands of IP addresses, without the slightest clue which one might lead to the real troublemaker. In fact, for most types of DDoS, none of them lead to the perp in any special way. Often times DDoS attack machines are just zombied desktop computers, infected by a virus the genius user got from clicking on a porn ad.

2) In my experience, the vast majority of DDoS IPs are zoned to foreign countries. Mostly developing nations, or nations not particularly interested in Internet crimes against a US hosting company.

3) Even if the person or persons responsible for the attack were my next-door neighbors, we'd still need to track their actions through servers zoned in other countries. Try sending a subpoena to a (the?) Chinese ISP, asking for logs (if they even exist) from a server within their borders. Even if the log files showed activity from the perpetrator, it would still be somewhat circumstantial, and up for debate ("My computer has been hacked before / My wifi connection isn't secured / etc").

4) Even if you somehow managed, against all odds, to find the perpetrators, who were within a sane legal jurisdiction, and you won a contentious civil court case against them... Is a 17 year-old script kiddie really going to have any money?

It simply isn't worth the hundreds, if not thousands of man hours for us to jump down the rabbit hole for what's honestly not going to be much, if any, reward. I have never once in my life heard of a single successful DDoS prosecution that justified the cost in doing so.

Re:Dear China... (1)

Bert64 (520050) | more than 4 years ago | (#32478486)

And most attacks of this kind are using spoofed packets, so finding the actual nodes in the first place can be quite difficult.

Re:Dear China... (2, Interesting)

icebraining (1313345) | more than 4 years ago | (#32479002)

It depends - one of the most effective ways to kill a small site is to perform a "bandwidth rape" until they cross their monthly limit. A couple dozen people running a simple wget loop requesting a large image/video continually can waste hundreds of gigabytes per day.

Re:Dear China... (1)

Kjella (173770) | more than 4 years ago | (#32479624)

4) Even if you somehow managed, against all odds, to find the perpetrators, who were within a sane legal jurisdiction, and you won a contentious civil court case against them... Is a 17 year-old script kiddie really going to have any money?

Most likely there's someone far more "serious" behind huge DDoS operations than 17 year old script kiddies, they might be hirelings but nothing more and you can be sure there's money at the top. The trouble is that many career criminals rarely have any legal money, just black money. Mysteriously they always make rent and their car lease but they never have any assets for anyone to seize or wages to garnish. Or it's somehow whitewashed and put on relatives or some other way you can't reach it. So the conclusion is right but the logic sounded a little naive.

Re:Dear China... (0)

Anonymous Coward | more than 4 years ago | (#32480010)

I tried to email a Chinese ISP about a targeted hacked attempt once. The result was a bounce from every single email address listed in the whois. Hard to get any kind of result if no-one is listening. So I agree, nobody in developing countries cares at all about what their users are doing, so long as it's not breaking rules that the ISP could be held accountable for.

its hard to get the root (1)

allo (1728082) | more than 4 years ago | (#32478108)

It's pretty pointless to prosecute botnet nodes or try to find all people participating in a DDoS to sue them. But if you can find out who called them to DDoS you, you can get him prosecuted for the calling.

Downtime beyond their control... (1)

LostCluster (625375) | more than 4 years ago | (#32478140)

My web host (MediaTemple) got hammered with a DDoS aimed at their DNS servers over the last few weeks. As a result, I've put my most critical domains using ZoneEdit's free-for-your-first-five DNS offer, with the web host playing backup, for my most critical domains. This plan successfully weathered a repeat attack.

To paraphrase Jim Cramer, redundancy must be the only free lunch in IT.

I'd love to provide you more insight into this (1, Funny)

Anonymous Coward | more than 4 years ago | (#32478180)

But the risk of being DDoS'ed due to what I might say is too great.

The 1st rule of defending yourself against DDoSers is not to talk about how to prosecute DDoSers, or DDoSers being brought to justice.

Ask slashdot (5, Funny)

dominious (1077089) | more than 4 years ago | (#32478190)

Does this mean DDoS is a fairly safe crime to conduct?

Oh I see "someone" is very interested in DDoS attacks for "research" right? Dude, listen, just give the link here and your problems will be solved.

Re:Ask slashdot (1, Interesting)

Anonymous Coward | more than 4 years ago | (#32478462)

Ok, this is the sucker: http://slashdot.org/ [slashdot.org]

Re:Ask slashdot (5, Funny)

rtfa-troll (1340807) | more than 4 years ago | (#32478792)

No no; that's the DDOSer's command and control site. Can't you tell just by looking at the comments? At first sight they look as if written by a human, but if you start to read them they are all free of meaningful content and obviously just disguised botnet commands. What else could they be?

Re:Ask slashdot (0)

Anonymous Coward | more than 4 years ago | (#32478832)

LOL! Mod parent up!

Re:Ask slashdot (0)

Anonymous Coward | more than 4 years ago | (#32479092)

http://127.0.0.1 ?

Fight back with eggs (1)

drdrgivemethenews (1525877) | more than 4 years ago | (#32478208)

In California it is legal to throw eggs at a house. So all we need is names and addresses....

It is? Really??? (1)

davidwr (791652) | more than 4 years ago | (#32478342)

I thought the left-coasters, er, I mean liberals, extended animal welfare laws to fetuses and embryos. Think of the poor pre-baby chickens!

Oh wait, you must mean non-fertile eggs, my bad.

Egging them on (2, Informative)

billstewart (78916) | more than 4 years ago | (#32479210)

IIRC, California passed an anti-animal-cruelty referendum, but it's got a couple of years to phase in.

Most eggs are non-fertile; the main people selling fertile eggs are selling them to random health-fooders, or else they're selling them because it's easier not to check whether your free-range hens have had access to a rooster.

Re:Fight back with eggs (2, Informative)

Kreigaffe (765218) | more than 4 years ago | (#32479138)

I very, very seriously doubt that vandalism is legal in California.

You should take those urban legends you hear with a larger grain of salt next time.

It could be argued that toilet papering someone's house is legal, but eggs can and will easily cause actual damage that takes actual real money to fix. Eggs on a car can cause the whole car to need to be stripped and repainted.
Eggs are serious fucking business, not a harmless prank.

Types of attackers (1)

91degrees (207121) | more than 4 years ago | (#32478210)

Presumably, you have the teenagers, the small time crooks and the foreign government hackers.

The small time crooks will go for smallish targets that have reasonable amounts of cash. They'll get noticed but aren't going to be a law enforcement priority. Even multi-million dollar companies don't have a lot of government influence - you need to be valued in the billions for that.

The teenagers will go for the big corporations or the government because they can and they want to get noticed. Well, surprise surprise, they get noticed. The foreign governments will be noticed as well, but there's not a lot you can do. Other countries aren't going to hand their employees over to the US and the US isn't going to hand its employees over to other governments. So even if you're being DDOSed by teenagers you're not going to catch them. (sorry)

DDoS attacks are done via botnet (0)

Anonymous Coward | more than 4 years ago | (#32478236)

DOS attacks are mostly done by botnets consisting of compromised Windows machines being controlled by someone behind a proxy of several hops. Catching them is almost impossible. There are always idiots who will have a go on their home DSL connection, but it's hardly worth going after them. The only way I can see of going after the real DDoS engines (botnets) is breaking down the botnet itself and figuring out who's controlling them. You can't just go banning Windows machines. Smarter internet network management maybe?

Banning Windows machines... Hmm.... (1)

davidwr (791652) | more than 4 years ago | (#32478388)

You can't just go banning Windows machines.

Hmm, maybe that should be part of every ISP's terms of service: "No windows machines." Yeah, that's the ticket....

Seriously though, ISPs should offer their consumer-grade customers a choice:
* Let us actively monitor your traffic for signs of known active virus- or botnet activity and when we spot it, block it, shutting down your service entirely if necessary, even though there will be false positives and even though this may have privacy implications for you, or
* provide us proof of liability insurance for damage caused by your computers and home network if they get hijacked and proof that you have the technical knowledge to prevent and mitigate such problems or access to someone who does.

Then for the vast majority of customers who take the first option, enforce it.

Business-grade consumers would be required to do something like that, but the ISP can make some money by offering for-fee technical assistance for those business customers who prefer "one stop shopping."

It depends on the scale of your operation (1, Insightful)

Yaa 101 (664725) | more than 4 years ago | (#32478242)

If you are a rich company that is well connected politically you can get away with practically anything; this also goes for DDoS attacks.

Re:It depends on the scale of your operation (2, Insightful)

LostCluster (625375) | more than 4 years ago | (#32478274)

And if you're a rich company that can pay for more bandwidth and processing than the other guy, you're virtually immune to DDoS problems.

Re:It depends on the scale of your operation (1)

Pharmboy (216950) | more than 4 years ago | (#32478320)

DDOS isn't solely a function of using all the bandwidth. You can keep a server so busy that it starts thrashing, while using less bandwidth than a T1. It is about keeping their server so busy it can't process legitimate requests using one or more of many methods. Hogging the bandwidth *is* one way, but a very ineffective way to do it.

Re:It depends on the scale of your operation (1)

LostCluster (625375) | more than 4 years ago | (#32478398)

That's why I said "bandwidth and processing"...

D stands for distributed (1)

davidwr (791652) | more than 4 years ago | (#32478396)

And if you're a rich company that can pay for more bandwidth and processing than the other guy, you're virtually immune to DDoS problems.

I think you mean....

... if you're a rich company that can pay for more bandwidth than that used by a huge botnet or group of botnets attacking you, you're virtually immune to DDoS problems.

Overreactions. (0)

Anonymous Coward | more than 4 years ago | (#32478294)

This could easily go wrong. There are real organised-crime DDoS attacks, which most will agree should be prosecuted. But what about the DDoS as an emerging tool for political activism, as seen in the incidents with the Church of Scientology? When your typical attacker is a teenager using only his own computer and some script-kiddy software, then prosecuting to the full extent of the law seems to be rather excessive. It could mean a multi-year prison sentence for the online equivalent of a protest group holding a rally outside a company building and blocking the entrance.

There is a definite possibility of overreaction here. Political DDoSers are basically just petty vandals trying to make a point, and incapable of doing much as individuals. I'd have thought community service an appropriate punishment, but I can easily imagine companies treating these like Evil Super-Hackers to get them locked up for a decade as a deterrent against future protests.

A risk, but still prosecute Re:Overreactions. (1)

davidwr (791652) | more than 4 years ago | (#32478496)

Such "criminals" should be prosecuted like other protesters who violate the law:

With reasoned restraint.

In the '60s it wasn't uncommon to arrest people then "allow" them to bond out, forfeit bail, and dismiss the charges.

This is where prosecutorial discretion comes in. Rather than cracking down "with the full force of the law" you ask for a fine, no jail time, and possibly forfeiture of their computer hardware (but not the hard drive or other media).

Other "creative sentencing" might be a few months of living under restrictions on internet use on personally-owned equipment, such as mandatory throttling, mandatory blocking of traffic other than what is "normal use by normal human beings," and in extreme cases, mandatory logging and recording of all traffic except certain privileged traffic such as traffic that might be communications with an attorney. To work, this would also entail a near-ban on non-pre-approved Internet use from other computers (e.g. work use would be pre-approved, going to your friend's house to evade the restrictions would not, but "trivial/de minimis" use to look up a restaurant's address from a friend's house would be okay).

Want to make a teenager cry? Take away his super-gaming-machine he bought with his lawnmowing money. Want to make a protester cry? Tell him he can choose between jail for a few months or having his electronic communications monitored for a few months.

Re:A risk, but still prosecute Re:Overreactions. (1)

pnewhook (788591) | more than 4 years ago | (#32480228)

Rather than cracking down "with the full force of the law" you ask for a fine, no jail time, and possibly forfeiture of their computer hardware (but not the hard drive or other media).

No, I'd say the opposite. Take their computer, all the media and every computer in the house. Non returnable. The parents will then rip their little criminal teenie bopper a new one. Problem solved.

I expect (1)

KevMar (471257) | more than 4 years ago | (#32478340)

I expect that the people behind the DOS attacks commit other crimes where there is already a lot of case law supporting it.

Re:I expect (0)

Anonymous Coward | more than 4 years ago | (#32478594)

What, do you expect them to upgrade to Win Attacks?

There will never be a legal framework (0)

Anonymous Coward | more than 4 years ago | (#32478372)

The problem with DDoS is the same as with crimes committed by multinationals: no one has the authority. Crime committed in country X, data center in country Y, business registered in country Z. There will never be a way to deal with these things, since if you had a process to deal with them it would apply equally to crimes committed by large corporations, and this is the last sort of law that will ever be instituted by any state corporation; it is simply not in their interest.

Forget legal routes; they will never exist. Build your own botnet, employ your own people, carry out your own operations.

Re:There will never be a legal framework (1)

pnewhook (788591) | more than 4 years ago | (#32480238)

The problem with DDoS is the same as with crimes committed by multinationals: no one has the authority. Crime committed in country X, data center in country Y, business registered in country Z

That's why the world court is such a good idea. A common set of rules for everyone and nowhere to hide.

How to deal with it. (0)

The Grim Reefer2 (1195989) | more than 4 years ago | (#32478460)

How would you go about prosecuting a DDoS attacker?

Nuke them from orbit, it's the only way to be sure.

Re:How to deal with it. (1)

OrwellianLurker (1739950) | more than 4 years ago | (#32478542)

Try the junk shot first.

DDOS zombies (0)

Anonymous Coward | more than 4 years ago | (#32478570)

First you need to catch the actual attacker. Not just the botnet zombies. That pretty much isn't going to happen.

Next problem... you need to prove it was them... and the attacker wasn't just a zombie manager. That pretty much isn't going to happen.

Next issue is the non-technological DDoS. The methodology of DDoS is to simply hammer the front page by requesting it as often as possible. How do you differentiate DDoS from legitimate traffic?

Ex. I want to take down scientology.com. I tell all kinds of people to go to their website and refresh. CNN picks up the news article and people reading the news article go to scientology.com to see if it's taken down. Who also contribute to the DDoS. They keep refreshing to see if the DDoS is still going on.

Now hypothetically let's say before CNN ever picked it up... the DDoS wasn't even working. CNN are the ones who successfully DDoSed Scientology at this point. Should the CNN article writer then be charged for the DDoS? Should the newsreaders who went to the website just to see if it's up or down be charged? Hopefully not.

They don't get prosecuted (0)

Anonymous Coward | more than 4 years ago | (#32478752)

DDoS is very dangerous because it impacts a lot more than just your target. DDoS people probably don't get prosecuted often, because someone else gets to them first. If you bot a bunch of boxes, chances are you might bot the wrong boxes. If you DDoS a site, chances are you will impact someone else's traffic. Interfere with the wrong people, and they aren't going to call a DA. So beware... out there on the information highway, there is a lot more to worry about than the police.

Re:They don't get prosecuted (0)

Anonymous Coward | more than 4 years ago | (#32480694)

Examples sir.

That is why you will run your DDoS operation in a cafe using a VM.

Stop botnets (0)

Anonymous Coward | more than 4 years ago | (#32478760)

DDoS attacks and most spam originate from botnets. The only way to stop them is to improve the security of end-user systems: educate users not to work with admin privileges, to install software only from trusted sources, and not to rely on antivirus software, as it only creates a false sense of security.

Well I personally would.. (0)

Anonymous Coward | more than 4 years ago | (#32479098)

Obviously you're going to have several IPs in this DDoS attack (if it's successful and you don't just have a shitty uplink). Filter those to IPs in the US, then from that filter to only show residential locations.

From there I'd send subpoena notices to the ISPs for access to traffic to/from said IP; from that we would most likely grab an IRC server. By monitoring said IRC server we would eventually be led to the bot master and as such... an arrest.

AI DDOS Monitoring (1)

EEPROMS (889169) | more than 4 years ago | (#32479186)

Rather than throw lawyers at the problem (when has that ever truly fixed a problem), why isn't there some AI DOS attack management system? Even more curious, why does the internet allow DOS attacks in this age of multi-core 64-bit CPUs (you can even get multi-core ARM or Atom CPUs)? You would think after 40-odd years someone would have said "you know, we better fix this problem". The internet has reached a stage where it is just as important a service as power and water, thus it should not be able to be pulled down by some 12 year old pissed off with the world (haven't we all been there).

Re:AI DDOS Monitoring (1)

doctorcisco (815096) | more than 4 years ago | (#32479476)

"The internet has reached a stage where it is just as important a service as power and water ..."

No, it hasn't. It can't. If you need me to explain, you need to review 3rd grade biology. My daughter recently completed 3rd grade, but I'm pretty sure I don't trust any slashdotters around my daughter. So you'll need to find your own 3rd grader.

doc

Re:AI DDOS Monitoring (1)

pnewhook (788591) | more than 4 years ago | (#32480262)

The internet has reached a stage where it is just as important a service as power and water

Oh please. If the internet were removed it would be an inconvenience, nothing more. You can't say the same about power and water.

Not gonna happen (0)

Anonymous Coward | more than 4 years ago | (#32479430)

There's a lot of Ping and SYN flooding going on against P2P participants. Now I wonder who might be interested in doing such a thing.

Tracking Down BotNet Masters (3, Informative)

JumperCable (673155) | more than 4 years ago | (#32479616)

I found an interesting article on someone tracking down some botnet masters by contacting a few of the infected users, getting a copy of the trojan and running it in a sandbox.

http://www.bellua.com/bcs/asia07.materials/fredrik_soderblom.pdf [bellua.com] (PDF)
